package com.tjetc;

import com.tjetc.utils.JdbcUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * @ author: gaoyongxiang
 * @ date: 2025/8/15
 * @ version: v1.0
 */
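public class _4PreparedStatement {
    /**
     * Demo: query the {@code bank} table by id through a {@link PreparedStatement}
     * and print the {@code id} column of every returned row.
     *
     * <p>The point of the example is SQL-injection prevention: the SQL text contains only a
     * {@code ?} placeholder, and the value is supplied separately through a typed setter, so it
     * is never concatenated into the statement text.
     *
     * <p>Caveat: a placeholder can stand only for a value. Table names, column names and
     * keywords such as the {@code ORDER BY} direction cannot be bound; if one of those must come
     * from input, select it from a fixed allow-list instead of splicing the input into the SQL
     * string.
     *
     * @param args unused
     * @throws SQLException if obtaining the connection, preparing the statement or running the
     *     query fails
     */
    public static void main(String[] args) throws SQLException {
        String sql = "select * from bank where id = ?";

        // try-with-resources closes the statement and the connection (in reverse order) even
        // when the query throws; the original code never closed any of the three JDBC objects.
        // NOTE(review): how JdbcUtil.getConnection() obtains the connection is not visible
        // here; if it hands out a shared instance, confirm that closing it is acceptable.
        try (Connection connection = JdbcUtil.getConnection();
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {

            // Placeholders are numbered from 1; use the setter that matches the column type.
            // setInt() also rejects non-numeric input at compile time, before it reaches SQL.
            preparedStatement.setInt(1, 1);

            // The SQL text was already given to prepareStatement(), so executeQuery() is
            // called without arguments. (Do not use the executeQuery(String) overload on a
            // PreparedStatement.)
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    // Read by column label rather than by position (getInt(1)) so the code
                    // does not depend on the column order that "select *" happens to return.
                    int id = resultSet.getInt("id");
                    System.out.println(id);
                }
            }
        }
    }
}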